Intel SGX Encryption
Fleeting - External reference: https://security.stackexchange.com/questions/136993/intel-sgx-details#:~:text=The%20MEE%20uses%20a%20complicated,used%20in%20the%20MAC%20construction).
Memory Encryption
All enclave data is transparently encrypted in memory. This is performed by the SGX Memory Encryption Engine (MEE). The MEE uses a complicated combination of
- Merkle trees,
- a tweaked version of AES Counter Mode,
- and a Carter-Wegman MAC construction.
The construction uses
- a 128-bit confidentiality key,
- a 56-bit counter,
- a 128-bit integrity key (producing 56-bit MAC tags),
- and a 512-bit universal hash key (used in the MAC construction).
These keys are generated at boot, held in dedicated MEE registers, and destroyed at system reset. The MEE operates on 512-bit cache lines, so encrypting one line takes four 128-bit AES block operations.
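The following toy model, added here and not taken from Intel or from the referenced answer, shows how those pieces fit together: a per-line counter drives a tweaked counter mode over the four 128-bit blocks of a 512-bit line, a Carter-Wegman MAC (universal hash masked by a PRF of the address/counter nonce) yields a 56-bit tag, and a Merkle tree over the counters keeps a single root on-die so that a replayed line is caught even though its old tag still verifies. AES is replaced by an HMAC-SHA256 based 128-bit PRF (the Python standard library has no AES) and the universal hash is a polynomial over GF(2^61-1); both substitutions, the 64-byte sample line, and the class and function names are assumptions of this example.

```python
"""Toy model of an SGX-style memory encryption engine.

Constructed for illustration; it is NOT Intel's MEE. AES is stood in for by an
HMAC-SHA256 based 128-bit PRF (the standard library ships no AES), and the
universal hash is a polynomial over GF(2^61-1). Widths follow the note:
128-bit confidentiality key, 56-bit per-line counter, 128-bit integrity key
with 56-bit tags, and a separate hash key for the Carter-Wegman MAC.
"""
import hashlib
import hmac
import os

LINE_BYTES = 64                  # 512-bit cache line
BLOCK_BYTES = 16                 # 128-bit block: four block operations per line
COUNTER_BITS = 56
TAG_BITS = 56
UHASH_PRIME = (1 << 61) - 1      # field for the polynomial universal hash


def prf(key: bytes, msg: bytes) -> bytes:
    """128-bit PRF standing in for one AES block encryption (assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK_BYTES]


def keystream(k_conf: bytes, addr: int, ctr: int) -> bytes:
    """Tweaked counter mode: the tweak binds each keystream block to the line
    address, the per-line counter and the block index, so none is reused."""
    out = b""
    for blk in range(LINE_BYTES // BLOCK_BYTES):          # four calls per line
        tweak = addr.to_bytes(8, "big") + ctr.to_bytes(7, "big") + bytes([blk])
        out += prf(k_conf, tweak)
    return out


def universal_hash(h_key: int, data: bytes) -> int:
    """Polynomial (Horner) hash over GF(p), consuming 56-bit chunks."""
    acc = 0
    for i in range(0, len(data), 7):
        acc = (acc * h_key + int.from_bytes(data[i:i + 7], "big")) % UHASH_PRIME
    return acc


def cw_mac(k_int: bytes, h_key: int, addr: int, ctr: int, ct: bytes) -> int:
    """Carter-Wegman MAC: universal hash masked by a PRF of the (addr, ctr)
    nonce. The counter never repeats for an address, so the mask is one-time."""
    nonce = addr.to_bytes(8, "big") + ctr.to_bytes(7, "big")
    mask = int.from_bytes(prf(k_int, nonce)[:TAG_BITS // 8], "big")
    return (universal_hash(h_key, nonce + ct) & ((1 << TAG_BITS) - 1)) ^ mask


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class MEE:
    """Keys live only inside the engine; ciphertext, counters and tags sit in
    untrusted DRAM; only the Merkle root over the counters stays on-die."""

    def __init__(self, n_lines: int = 4):            # n_lines must be a power of two
        self.k_conf = os.urandom(16)                 # generated "at boot"
        self.k_int = os.urandom(16)
        self.h_key = int.from_bytes(os.urandom(64), "big") % UHASH_PRIME
        self.n_lines = n_lines
        self.dram = {}                               # untrusted memory
        for addr in range(n_lines):
            self._seal(addr, 0, bytes(LINE_BYTES))
        self.root = self._merkle_root()              # trusted, on-die

    def _seal(self, addr: int, ctr: int, plaintext: bytes) -> None:
        ct = xor_bytes(plaintext, keystream(self.k_conf, addr, ctr))
        tag = cw_mac(self.k_int, self.h_key, addr, ctr, ct)
        self.dram[addr] = {"ct": ct, "ctr": ctr, "tag": tag}

    def _merkle_root(self) -> bytes:
        nodes = [hashlib.sha256(self.dram[a]["ctr"].to_bytes(7, "big")).digest()
                 for a in range(self.n_lines)]
        while len(nodes) > 1:
            nodes = [hashlib.sha256(nodes[i] + nodes[i + 1]).digest()
                     for i in range(0, len(nodes), 2)]
        return nodes[0]

    def write(self, addr: int, plaintext: bytes) -> None:
        assert len(plaintext) == LINE_BYTES
        ctr = self.dram[addr]["ctr"] + 1
        if ctr >= 1 << COUNTER_BITS:
            raise OverflowError("counter exhausted: the engine must re-key")
        self._seal(addr, ctr, plaintext)
        self.root = self._merkle_root()              # root follows the fresh counter

    def read(self, addr: int) -> bytes:
        if self._merkle_root() != self.root:
            raise ValueError("integrity tree mismatch: counter replayed or altered")
        e = self.dram[addr]
        if cw_mac(self.k_int, self.h_key, addr, e["ctr"], e["ct"]) != e["tag"]:
            raise ValueError("MAC mismatch: ciphertext altered in DRAM")
        return xor_bytes(e["ct"], keystream(self.k_conf, addr, e["ctr"]))


def _rejected(fn) -> bool:
    try:
        fn()
        return False
    except ValueError:
        return True


def demo() -> tuple:
    """Returns (roundtrip_ok, bit_flip_detected, replay_detected)."""
    mee = MEE()
    secret = b"enclave secret page".ljust(LINE_BYTES, b"\x00")   # constructed sample
    mee.write(2, secret)
    roundtrip_ok = mee.read(2) == secret
    genuine = dict(mee.dram[2])                      # snapshot of a valid line
    flipped = bytearray(genuine["ct"])
    flipped[5] ^= 0x01                               # one ciphertext bit altered
    mee.dram[2] = {**genuine, "ct": bytes(flipped)}
    bit_flip_detected = _rejected(lambda: mee.read(2))   # tree ok, MAC fails
    mee.write(2, bytes(LINE_BYTES))                  # enclave overwrites the line
    mee.dram[2] = genuine                            # stale but genuine triple put back
    replay_detected = _rejected(lambda: mee.read(2))     # MAC ok, tree fails
    return roundtrip_ok, bit_flip_detected, replay_detected


if __name__ == "__main__":
    print(demo())
```

The two failure paths in `demo()` are the point: a flipped ciphertext bit is caught by the MAC while the tree still matches, whereas a replayed line carries a valid tag and is caught only because its counter no longer agrees with the on-die root. That is why the counters, and not just the data, need tree protection, and why the engine must re-key rather than wrap a 56-bit counter.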